Executive Summary
Summary | |
---|---|
Title | Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180919-webex | First vendor Publication | 2018-09-19 |
Vendor | Cisco | Last vendor Modification | 2018-09-19 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit this vulnerability by sending a user a link or email attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbonRJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczleUP/A405ALuo6duQP4d3psY8986GvpA nbJUfTwwKz3Mk925UjmaGiQfjGBCUIMZEL2j4bo/ioqzOxy919yMEXflaOkCa7ye nyrl11my5Nd0nAsyxtRb2GzIQ6q8+dL45V8NY68pZFMFVJIEes458prtnLE8H42J vMDE6Yh62EI44woYr/T/Oo93t+BvgFecPauLp3Gg7qbAtXDj1U1AKjY1B8QjaYp6 V+3Tw//kn02rOqzkNWVWggbP0GLUBBPnSHPTHWvpwI8YxC5xHnpphejux9+sN7Ss vqdzkbY4Ac14Kkl1L7jV+Sr7RGA9ai7XWPfK9ku37SA7hs5BMf7681hjg8c4MZ8w VxIOLhGoMlu+MHV0pIy33ilA++K7ukX+MADx4PbtLIeMmlAdKWbtI8+K2x2wjTQA fgIwaZ9yPVTnG5Hn1Ry0/NNsUF8SvRdXvjX1Q4lREKKbLKn7Mk6Tt0B3voOoh0k2 12n4cH1JKqFN7rHYJvwuVDaOeWttYMMGnu/aOaHh/0rNZXtBlPOoZYpksTJj10FZ 6Sm/1xMp2jP8QL5U6qvQ0rIHXjIUU2dtld0XbQcRWw9FxRJNLDqogRWACn+Jo4tq eeU3mVSFHxLMfcMrmgC4YrIP9vwFjNpDLlqEb0zjRkHEODOqH8C4EnDD2NFNYHIT lMc19egRoYOxwUy5 =Ukq3 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco WebEx Network Recording Player stack buffer overflow attempt RuleID : 47879 - Revision : 1 - Type : FILE-OTHER |
2020-12-05 | Cisco WebEx Network Recording Player stack buffer overflow attempt RuleID : 47878 - Revision : 1 - Type : FILE-OTHER |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-11-22 00:22:27 |
|
2018-10-05 21:21:50 |
|
2018-09-19 21:18:56 |
|